Scribd
Upload
57 views

(Router Name) (Encrypted Privileged Exec Password)

The document contains configuration steps for a router and three switches: 1. The router and switches are configured with hostnames, passwords, IP addresses and interface settings. VLANs are created and trunk links configured between the switches. 2. The switches are configured for VLAN trunking with VLAN 99 as the native VLAN. VTP is configured with one switch as the server, one as the client, and one as transparent. 3. Port security is enabled on interfaces of two switches to restrict MAC addresses.

Uploaded by

Mouhamad Bazzi
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
57 views

(Router Name) (Encrypted Privileged Exec Password)

The document contains configuration steps for a router and three switches: 1. The router and switches are configured with hostnames, passwords, IP addresses and interface settings. VLANs are created and trunk links configured between the switches. 2. The switches are configured for VLAN trunking with VLAN 99 as the native VLAN. VTP is configured with one switch as the server, one as the client, and one as transparent. 3. Port security is enabled on interfaces of two switches to restrict MAC addresses.

Uploaded by

Mouhamad Bazzi
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Router Configuration

Router>enable
Router#config term
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname Router1 (Router Name)


Router1(config)#enable secret class (Encrypted privileged exec password)

Router1(config)#no ip domain-lookup

Router1(config)#line console 0 (Console access password)


Router1(config-line)#password cisco
Router1(config-line)#login

Router1(config-line)#line vty 0 4 (Telnet access password)


Router1(config-line)#password cisco
Router1(config-line)#login

Router1(config-line)#interface fa0/0
Router1(config-if)#ip address 192.168.7.126 255.255.255.128
Router1(config-if)#no shutdown (interface ON)
Router1(config-if)#duplex auto
Router1(config-if)#speed auto
Router1(config-if)#description connection to host1

Router1(config-if)#interface fa0/1
Router1(config-if)#ip address 192.168.7.190 255.255.255.192
Router1(config-if)#no shutdown (interface ON)
Router1(config-if)#duplex auto
Router1(config-if)#speed auto
Router1(config-if)#description connection to switch1

Router1(config-if)#end
Router1#show run
Switch Configuration

Switch>enable
Switch#show running-config (Show the current running configuration file)
Switch#show startup-config (Show the current contents of NVRAM)
switch#show version (Display Cisco IOS information)

Switch#show interface vlan1 (Show the characteristics of the virtual interface VLAN1)
Switch#show interface fastethernet 0/18
switch#show ip interface vlan1 (view the IP properties of the interface)

Switch#show vlan (Show the default VLAN settings of the switch)


Switch#show vlan brief (Show the VLAN settings of the switch in brief)

Switch#dir flash: (Show the content of the flash directory)


or
Switch#show flash (show the content of the flash directory)

Remove the VLAN database information file:

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:vlan.dat? [confirm] [Enter]

If there is no VLAN file, this message is displayed:


%Error deleting flash:vlan.dat (No such file or directory)

Remove the switch startup configuration file from NVRAM:

Switch#erase startup-config
The responding line prompt will be:
Erasing the nvram filesystem will remove all files! Continue? [confirm]
Press Enter to confirm.
The response should be:
Erase of nvram: complete

Restart the software:

Switch(config)#reload
The responding line prompt will be:
System configuration has been modified. Save? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Proceed with reload? [confirm] [Enter]
The first line of the response will be:
Reload requested by console.
After the switch has reloaded, the line prompt will be:
Would you like to enter the initial configuration dialog? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Press RETURN to get started! [Enter]
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname S1 (Switch Name)


S1(config)#

Set the access passwords:

S1(config)#line console 0 (Console access password)


S1(config-line)#password cisco
S1(config-line)#login

S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit

Set the command mode passwords:

S1(config)#enable secret class (This password protects access to privileged EXEC mode)

Configure VLANS:

Switch#configure terminal
S1(config)#vlan 99 (create the new VLAN 99 on the switch)
S1(config-vlan)#exit

S1(config)#interface vlan99
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to down
S1(config-if)#ip address 172.17.99.11 255.255.255.0 (set the IP address & subnet mask)
S1(config-if)#no shutdown
S1(config)#ip default-gateway 172.17.99.1 (Set the switch default gateway)
S1(config-if)#exit
S1#show interface vlan 99
Notice that the VLAN 99 interface is in the down state even though you entered the
command no shutdown. The interface is currently down because no switchports are
assigned to VLAN 99.

Assign all user ports to VLAN 99

S1#configure terminal
S1(config)#interface range fa0/1 - 24
S1(config-if-range)#switchport access vlan 99
S1(config-if-range)#exit
S1(config)#

S1#show interface vlan 99


S1#show vlan brief

Configure the port speed and duplex settings for a FastEthernet interface

S1#configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#speed auto
S1(config-if)#duplex auto
S1(config-if)#end

Save the contents of the running configuration file to non-volatile RAM (NVRAM):

S1#copy running-config startup-config


Destination filename [startup-config]?[Enter] Building configuration...
[OK]
S1#
MAC addresses:

S1#show mac-address-table (Display the MAC addresses table)

S1#show mac-address-table address dynamic (Show only the MAC addresses from the table
that were learned dynamically)

S1#show mac-address-table address <PC1 MAC here> (View the MAC address entry for PC1)

S1#clear mac-address-table dynamic (Clear the MAC address table)

S1(config)#mac-address-table static 00e0.2917.1884 vlan 99 interface fastethernet 0/18


(Set up a static MAC address)

S1(config)#no mac-address-table static 00e0.2917.1884 vlan 99 interface fastethernet


0/18 (Remove the static MAC entry)

VLAN Configuration:

Switch#config term
Switch(config)#interface range fa0/1-24
Switch(config-if-range)#shutdown
Switch(config-if-range)#interface range gi0/1-2
Switch(config-if-range)#shutdown

S2(config)#interface range fa0/6, fa0/11, fa0/18


S2(config-if-range)#switchport mode access
S2(config-if-range)#no shutdown
S3(config)#interface range fa0/6, fa0/11, fa0/18
S3(config-if-range)#switchport mode access
S3(config-if-range)#no shutdown

Create VLANs on switches:


S1(config)#vlan 10
S1(config-vlan)#name faculty/staff
S1(config-vlan)#vlan 20
S1(config-vlan)#name students
S1(config-vlan)#vlan 30
S1(config-vlan)#name guest
S1(config-vlan)#vlan 99
S1(config-vlan)#name management
S1(config-vlan)#end
S1#
S1#show vlan brief

S3(config)#interface range fa0/6-10


S3(config-if-range)#switchport access vlan 30
S3(config-if-range)#interface range fa0/11-17
S3(config-if-range)#switchport access vlan 10
S3(config-if-range)#interface range fa0/18-24
S3(config-if-range)#switchport access vlan 20
S3(config-if-range)#end

S3#copy running-config startup-config


Destination filename [startup-config]? [enter]
Building configuration...
[OK]

S3# show vlan id vlan-number


S3# show vlan name vlan-name
S3# show interfaces interface
Assign the management VLAN

S1(config)#interface vlan 99
S1(config-if)#ip address 172.17.99.11 255.255.255.0
S1(config-if)#no shutdown
S2(config)#interface vlan 99
S2(config-if)#ip address 172.17.99.12 255.255.255.0
S2(config-if)#no shutdown
S3(config)#interface vlan 99
S3(config-if)#ip address 172.17.99.13 255.255.255.0
S3(config-if)#no shutdown

Configure trunking and the native VLAN for the trunking ports on all switches

S1(config)#interface range fa0/1-5


S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config-if-range)#no shutdown
S1(config-if-range)#end

S2(config)# interface range fa0/1-5


S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 99
S2(config-if-range)#no shutdown
S2(config-if-range)#end

S3(config)# interface range fa0/1-5


S3(config-if-range)#switchport mode trunk
S3(config-if-range)#switchport trunk native vlan 99
S3(config-if-range)#no shutdown
S3(config-if-range)#end

S1#show interface trunk


S2#show interface trunk
S3#show interface trunk
Configure VTP on the Switches

 Step 1:
Check the current VTP settings on the three switches:

S1#show vtp status


S2#show vtp status
S3#show vtp status

Note that all three switches are in server mode.


Server mode is the default VTP mode for most Catalyst switches.

 Step 2:
Configure the operating mode, domain name, and VTP password on all three switches

Configure S1 in server mode:

S1(config)#vtp mode server


Device mode already VTP SERVER.
S1(config)#vtp domain Lab4
Changing VTP domain name from NULL to Lab4
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S1(config)#end

Configure S2 in client mode:

S2(config)#vtp mode client


Setting device to VTP CLIENT mode
S2(config)#vtp domain Lab4
Changing VTP domain name from NULL to Lab4
S2(config)#vtp password cisco
Setting device VLAN database password to cisco
S2(config)#end

Configure S3 in transparent mode

S3(config)#vtp mode transparent


Setting device to VTP TRANSPARENT mode.
S3(config)#vtp domain Lab4
Changing VTP domain name from NULL to Lab4
S3(config)#vtp password cisco
Setting device VLAN database password to cisco
S3(config)#end

Note: The VTP domain name can be learned by a client switch from a server switch, but
only if the client switch domain is in the null state. It does not learn a new name if
one has been previously set. For that reason, it is good practice to manually configure
the domain name on all switches to ensure that the domain name is configured correctly.
Switches in different VTP domains do not exchange VLAN information.

 Step 3:
Configure trunking and the native VLAN for the trunking ports on all three switches:

S1(config)#interface range fa0/1-5


S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config-if-range)#no shutdown
S1(config-if-range)#end

S2(config)# interface range fa0/1-5


S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 99
S2(config-if-range)#no shutdown
S2(config-if-range)#end
S3(config)# interface range fa0/1-5
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#switchport trunk native vlan 99
S3(config-if-range)#no shutdown
S3(config-if-range)#end

 Step 4:
Configure port security on the S2 and S3 access layer switches.

S2(config)#interface fa0/6
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security maximum 1
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#interface fa0/11
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security maximum 1
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#interface fa0/18
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security maximum 1
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#end

S3(config)#interface fa0/6
S3(config-if)#switchport port-security
S3(config-if)#switchport port-security maximum 1
S3(config-if)#switchport port-security mac-address sticky
S3(config-if)#interface fa0/11
S3(config-if)#switchport port-security
S3(config-if)#switchport port-security maximum 1
S3(config-if)#switchport port-security mac-address sticky
S3(config-if)#interface fa0/18
S3(config-if)#switchport port-security
S3(config-if)#switchport port-security maximum 1
S3(config-if)#switchport port-security mac-address sticky
S3(config-if)#end

 Step 5:
Configure VLANs on the VTP server.

S1(config)#vlan 99
S1(config-vlan)#name management
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name faculty/staff
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name students
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name guest
S1(config-vlan)#exit

 Step 6:
Check if the VLANs created on S1 have been distributed to S2 and S3.

S2#show vlan brief


S3#show vlan brief

You might also like